350-501 SPCOR Cisco CCNP Service Provider – MPLS Layer 3 VPN part 1

  1. MPLS Layer 3 VPN

In this video I’m going to show you how MPLS VPNs work a little bit differently. I’m just going to give an overview of how they work; we’ll probably get into more practical MPLS L3 VPNs in later sessions. As we discussed in our previous session, if you remember, we have seen some of the basics of leased-line connections. We have been using dedicated lines for years, going a long way back, and they provide a separate dedicated point-to-point connection. But the problem with leased lines is that they are not scalable, and at the same time they are a very expensive solution. Most leased-line connections in today’s networks have been replaced with VPN implementations, which provide a virtual point-to-point connection between two different sites over the service provider network.

Now, we have two major categories of VPN models: the overlay model and the peer-to-peer model, which we discussed in detail in our previous sections. In the overlay model, the service provider just provides a Layer 2 virtual connection between the two endpoints. It is more like a virtual point-to-point connection, where the service provider does not participate in any of the customer routing. In the peer-to-peer model, the service provider is responsible for taking the customer’s routes, installing them in its routing table, and sending them to the other end, where they finally reach the customer. We have also seen some of the advantages and disadvantages of both models.

Now in this section we’ll see how MPLS VPNs differ and exactly how they work when you compare them with the other models. First, MPLS stands for Multiprotocol Label Switching. The name itself says label switching: a packet from the customer side enters as a normal IP packet, and inside the service provider network, from one end to the other, it is label switched. It is not forwarded based on the IP packet; it is forwarded based on the label. That’s what label switching means here. By forwarding packets based on labels instead of as normal IP packets, MPLS combines some of the advantages of both the overlay model and the peer-to-peer model.

Now, let us see how it works. In the case of MPLS, the packet enters as a normal IP packet, goes to the provider’s router, and then travels as a labeled packet; the router identifies the label, changes it to another label, and the packet finally reaches the other end. Just as we discussed for the peer-to-peer model, the customer, let’s say the 10 network, advertises its network to the provider’s router, which means we do some routing between the service provider and the customer. The service provider then maintains the routes in a separate VRF routing table. VRF is Virtual Routing and Forwarding, where the provider edge router maintains a separate routing table for each and every customer.

Let’s say you have another customer, customer B or customer XYZ, whatever. If customer XYZ also connects to the same PE, those routes are placed in a separate VRF routing table. Once the provider edge router receives the routes, the same thing happens on the other side: this customer advertises its own network to the provider edge router, and the PE router maintains the customer routes in a separate VRF routing table. To exchange the routes from one end to the other, from PE to PE, we configure something called VPNv4 peering, which has to be established between PE and PE. We can have a direct VPNv4 peering between PE and PE, or, if you are working for a big service provider network, you can have the VPNv4 peering established to any of the P routers and then back to the PE again.

So here, let’s take an example. Whichever way you do it, a VPNv4 peering has to be established between PE and PE router. This peering is similar to the tunneling we do with GRE or IPsec tunnels. Once we establish the VPNv4 peering between these two, the PE router receives a normal IP packet, takes the IP packet and adds one label, and that label is your VPN label. Based on this VPN label, the P router looks at the label and, based on that label information, simply forwards the packet to the other provider edge router without actually looking at any information inside the IP packet.

Which means that for any traffic coming from the customer to get from one PE to the other PE, the router is only concerned about the label. It is not at all bothered about the source the packet is coming from, the destination, or what exactly is inside the IP packet. It looks at the label and switches based on the label. That label, again, is built based on the OSPF or EIGRP protocol running inside the service provider network. I’ll come to that in much more detail: how the labels are added, how the label information is propagated, and all those things. Based on this label, the router is only concerned with forwarding the packet to the other end.

Here, unlike the peer-to-peer model, the P router does not know anything about the customer routes, so it does not maintain any of them. Which means the service provider does not need to maintain any customer routes except on the provider edge routers. This PE router maintains the customer routes in a separate VRF routing table, and this PE router maintains the customer routes in a separate routing table, whereas the service provider core routers, which are the P routers, don’t care what the customer routes are, because the entire packet from one end to the other is forwarded based on the label.

It is label switched. So the good thing about MPLS VPNs when you compare them with the peer-to-peer model is that they provide a BGP-free core: without actually running any BGP inside the service provider core, we still provide reachability from one customer site to the other. Unlike in the peer-to-peer model, apart from providing the BGP-free core, it also works like Frame Relay, where the packets from one end to the other are label switched, just like your Layer 2. So in general we say MPLS works at OSI Layer 2.5: it forwards packets based on labels, more like a Layer 2 technology.

But at the same time it is responsible for exchanging routes from customer to customer, and for that we configure PE-to-CE routing. So in this section we have seen a basic introduction to MPLS VPNs and how they work. In our next sessions we’ll probably get into more detailed practical verification of how the labels are assigned and how LDP works, and we’ll also see in more detail the different kinds of configuration we do.

  2. Steps to Configure MPLS L3 VPN

In this section I’m going to explain the different steps we use to configure MPLS L3 VPNs. You can see all six steps I have listed here. The first step is to configure an IGP inside the service provider core network. Let’s take an example: this is my service provider core network, which I’ll be using in all my labs. First we need to configure an IGP inside the service provider core network. You can use OSPF, IS-IS, EIGRP or RIP, but most commonly inside the service provider core we use either OSPF or IS-IS. We have already seen how to configure that in our previous videos.

The second step is to configure MPLS LDP inside the service provider core network, because the LDP bindings are created only based on the IGP we configured inside the core. Based on the CEF table, which is built from your OSPF routes, the router also creates the label forwarding information base (LFIB) table. We need to go to each and every interface that connects inside the service provider core and give one command, mpls ip. Once you give this command, the two routers form an LDP neighborship and forward packets based on the labels.

This is very important: you need to ensure that LDP is running properly inside the service provider core network and that all the routers are able to forward packets based on the labels. If there is a problem with the label switched path on any transit router, you are going to have reachability issues. We have already seen these two steps in detail in our previous sections, with some practical verification. We have also seen creating the VRF. For the third step, we go to the interface that connects toward the customer, create a VRF, and then define the route distinguisher and route target values.

This has to be done only on the provider edge routers. On the PE router, whichever one connects to the customer end, we need to create a VRF. In my labs I’ll probably be using VRF A1 on this side and VRF A2 on the other. Then we need to assign route distinguisher values; in my labs I’m probably using 500:1 as the route distinguisher on both sides. Next we need to configure the import and export RT values; I’m going to export and import 500:1 on both sides. As part of the same third step, you also need to assign the interface facing the customer to the VRF. Which means whatever routes are received from the customer on this interface are automatically placed in a separate VRF routing table.

Similarly, if you are connecting multiple customer sites, we need to create VRF A for customer A, VRF B, VRF C and so on. So this is your third step. I’m going to explain these steps one by one in detail, with practicals, in our next scenarios; here our main focus is on understanding all the steps. So let’s assume we have already configured the IGP inside the core, LDP is also preconfigured, and we have created the VRF. From the fourth step on, it’s not mandatory to follow the order: these first three steps need to be configured first, and the remaining three steps can be configured in any order.

Our main intention here is to ensure that the customer routes are exchanged from CE to CE. There is a network called 5 on router 5, which is my customer A1; it should be able to communicate with customer A2, that is, the same customer but site 2. We have configured three steps already, and the fourth step is to configure PE-to-CE routing. You can do either PE-to-CE routing or VPNv4 next, but I prefer to do PE-to-CE routing first. To configure PE-to-CE routing, you can use any routing protocol.

What I need to do is configure a routing protocol to advertise the LAN interfaces I have on the customer side so that they reach the service provider router, that is the PE router, and are placed in a VRF routing table. I created VRF A1, for example. In the same way, whatever routes are on the customer LAN have to come into the VRF routing table on the service provider side, that is VRF A or whatever the VRF name is. To make this possible, we can use any routing protocol for PE-to-CE routing: static routing, RIP, EIGRP, OSPF, BGP or IS-IS. It all depends on the customer’s requirement.

Let’s say the customer wants to use RIP. We should be able to say, okay, we can also support RIP, so you use RIP as the PE-to-CE routing protocol. If the customer says, on site 2 I’m using BGP, no problem, we can also use BGP. So this one step varies depending on the customer’s requirements. That is our fourth step, probably the fifth step here, but you can do it in any order. I prefer to configure the routing between PE and CE first, using any of the protocols. We’ll get into detailed verification of the different protocols: the configuration for static routing varies slightly compared with RIP, and OSPF, EIGRP and BGP are each different again, but the overall concept remains the same.

The main intention of PE-to-CE routing is to ensure that whatever routes are on the customer LAN get advertised to the provider edge router. That is the fourth step. For the fifth step, I prefer to go with VPNv4 peering: we need to configure VPNv4 peering, that is, the MPLS tunnel between the two PE routers. Once the customer routes on the LAN are able to reach the provider edge router, we need to ensure that these routes reach the other end. To make that possible, multiple things are required.

The first thing we need to do is configure a tunnel between PE and PE. We generally call this tunnel VPNv4 peering. It is a kind of BGP configuration: BGP supports multiple protocols, that’s what MP-BGP, Multiprotocol BGP, means, and VPNv4 peering is one of its implementations. It’s more like an iBGP configuration. I’ll get into more detail about these configurations and the exact commands we use. Once we configure that, you can see that this is in three parts: one part on site 1, a second part, and a third part. We need to combine these three parts so that we can have end-to-end communication.

They are combined in our next step, and the last step is redistribution of the routes. Let’s take an example: I’m using RIP here and RIP on the other side as well. You can use any protocol; it’s not mandatory to use RIP on both sides. You could also use OSPF here; it doesn’t make a difference. We need to ensure that this customer route reaches the other end. To make that possible, we need to redistribute the RIP routes into BGP. Which means all the routes coming from the customer will reach the provider edge router.

This provider edge router then forwards your routes through VPNv4, and they reach the provider edge router at the other end. After that we need to redistribute BGP into OSPF or RIP, whatever protocol we are using. Which means on the PE routers we need to do mutual redistribution between BGP and whatever protocol you are using on the customer end. This is the final step we need to configure to make sure that customer site 1 is able to communicate with site 2. You can see all six steps; we’ll go through each and every step in detail. Only once you configure all of these things will your L3 VPN work.

It will be a lengthy configuration, but these are the six steps we need to configure. Let me quickly revise one more time what the six steps are. The first step: we need to run an IGP inside the service provider core network. The second step: we need to configure LDP inside the core to ensure that we have a proper label switched path from end to end. The third step: we need to create a VRF on the provider edge router and assign the interface facing the customer to the VRF; at the same time, we also assign the RD and RT values. The fourth step: we need to ensure that there is routing between PE and CE.

When we do routing between PE and CE, we can use any routing protocol; it’s up to the requirement. Let’s say I’m using RIP on this side and RIP on the other side as well, or you can use any protocol. That’s the fourth step. The fifth step: we need to configure VPNv4 peering between the PE routers. This VPNv4 peering carries your VRF routes from one PE to the other. The final step is redistribution of whatever IGP you are running on this side into BGP, and BGP into whatever IGP you’re running on this side. You have to do the same thing on both sides.
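
The six steps above as a single PE configuration, added here as an illustration and not taken from the video’s labs. It uses Cisco IOS syntax; VRF A1, RD 500:1 and RT 500:1 follow the values mentioned in the text, while the AS number, interface names, IP addresses and the remote PE loopback are assumptions.

```cisco
! PE1 (constructed example). AS 500, interfaces, addresses and the
! remote PE loopback 10.0.0.2 are assumptions, not values from the video.
!
! Step 1: IGP in the provider core (OSPF here)
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
router ospf 1
 network 10.0.0.1 0.0.0.0 area 0
 network 10.1.12.0 0.0.0.255 area 0
!
! Step 2: LDP on every core-facing interface
interface GigabitEthernet0/0
 description core link toward P router
 ip address 10.1.12.1 255.255.255.0
 mpls ip
!
! Step 3: VRF with RD and RT, then bind the customer-facing interface
ip vrf A1
 rd 500:1
 route-target export 500:1
 route-target import 500:1
!
interface GigabitEthernet0/1
 description customer A site 1 (CE)
 ip vrf forwarding A1
 ip address 192.168.15.1 255.255.255.0
!
! Step 4: PE-CE routing inside the VRF (RIP as the customer's choice)
router rip
 address-family ipv4 vrf A1
  version 2
  network 192.168.15.0
  no auto-summary
  ! Step 6, egress direction: VPNv4-learned routes back toward the CE
  redistribute bgp 500 metric 1
 exit-address-family
!
! Step 5: VPNv4 (MP-iBGP) peering with the remote PE
router bgp 500
 neighbor 10.0.0.2 remote-as 500
 neighbor 10.0.0.2 update-source Loopback0
 address-family vpnv4
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
 exit-address-family
 ! Step 6, ingress direction: customer RIP routes into BGP for this VRF
 address-family ipv4 vrf A1
  redistribute rip
 exit-address-family
```

The route-target import and export values decide which VRFs receive these routes, so a wrong RT on a PE places one customer’s prefixes in another customer’s table. `show mpls ldp neighbor`, `show bgp vpnv4 unicast all summary` and `show ip route vrf A1` confirm the label path, the peering and what was actually imported.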

 
